An investigation by ReversingLabs researchers has uncovered evidence of more malicious npm packages, with links to the same infrastructure that also appear to target cryptocurrency providers.

“On July 22nd, CoinsPaid experienced a hacker attack, resulting in the theft of USD 37.3M,” reads the announcement published by the company. “We believe Lazarus expected the attack on CoinsPaid to be much more successful.”

The Global Times newspaper, owned by the Chinese Communist Party, reported on July 26 that the Wuhan Municipal Emergency Management Bureau revealed that the Monitoring Center had been subjected to a cyberattack by an “overseas organization.”

The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL).

The New York-based company said its acquisition of Jerusalem-based Privatise will provide Coro clients with a secure way to connect, manage and filter out malicious content, according to co-founder Dror Liwer.

Several vulnerabilities discovered by a researcher from industrial cybersecurity firm TXOne Networks in a Weintek product could have been exploited to manipulate and damage industrial control systems (ICS).

The rule has been delayed several times as the DOD revamp its approach, including changing to the longer proposed rule-making process. Originally, the expectation was that CMMC would come out as an interim final rule to be finalized in 60 days.

The latest analysis of the attack infrastructure from Team Cymru has revealed that the number of BackConnect C2s have shot up from 11 to 34 since January 23, 2023, with the average uptime of a server significantly reducing from 28 days to eight days.

The Transportation Security Administration revised its security directive on cybersecurity for oil and natural gas pipelines Wednesday. The directive was issued and later renewed following the ransomware attack on Colonial Pipeline.